
Are your licenses in compliance?

Published: September 07 2011, 07:45 AM
by Robert Stroud

Have you been audited lately for compliance with your current licensing of software assets? If so, were you shocked to find that you were out of compliance with your virtualization initiatives and had a large unbudgeted bill to pay?

If that is your organization, you are not alone. My various discussions globally have confirmed that many are finding they have to pay unbudgeted license fees due to exceeding counts. The remedy for this issue is to implement better controls and processes to ensure future compliance, or to purchase unlimited licenses.

These processes are sound and appropriate, but with the growing number of "power users" who can purchase and install software or order environments from a catalog, software compliance is still an issue. That is not to say that these "power user" installations are not licensed; more often than not, they are. But where is that license when the audit takes place, and can you readily prove compliance without significant work? The situation can become even worse with the installation of shareware, freeware and other web-based licenses, which may have unique conditions that are only applicable when installed in the enterprise.

While much of the focus may be on the end user, the proliferation and ease of virtualization lead to the simple and rapid consumption and proliferation of licenses. And as more vendors move to usage-based licenses with various charging models, these need to be monitored not only for effective license management, but also for how they may impact an organization through additional fees that may need to be paid. Many forward-thinking CIOs are making it a focus to implement software license compliance for server-based license models, to ensure not only adherence to contracts but, more importantly, the avoidance of unbudgeted and potentially embarrassing capital expenditure.

A friend recently told me their PCs were totally locked down. They couldn't add any software at all, and if any was found, the environment was automatically reinstalled the next time the device was physically connected to the corporate network, after a nasty automatically generated email. Those in the organization have already worked out how to circumvent the mandate by purchasing SaaS-based applications and expensing them monthly. Even though there was no requirement to purchase a license, the cost of an alternate tool was often being incurred, not to mention any potential issues with data and where it is stored. (Note to IT managers: if you see a reduction in calls on an application, it could be that the user community has found an alternative.)

Getting back to the focus of effectively managing the resources we are entrusted with, including hardware, software and of course cash: as IT professionals we need to understand our license consumption and, more importantly, be aware of the contract terms and conditions, especially if there are usage fees attached. If we do not quickly move to manage this aspect of our IT business, we quickly become a source of problems for the business rather than the solution. The secret here is to put good automated processes in place and manage the 20% of the problem that gives you 80% of the value. So I recommend you focus on the server environment first, as this is where the majority of the large payments stem from.

 

By: Robert Stroud
Robert Stroud serves as VP and as Service Management, Cloud Computing and Governance Evangelist at CA Technologies. Robert also serves as an International vice president of ISACA, is part of the Framework committee and was the former chair of the COBIT Steering Committee. Robert also serves on the itSMF...

1 person has left a comment:

I think you are letting the biz and senior management off the hook too lightly.

The difficulties of managing software licensing have been steadily increasing since the rise of the PC, and with the growing trend of technology services being procured directly by the business, IT now has much less visibility and little ability to manage it.

There are few who recognize the non-compliance risks or the costs of over-licensing. Of those few, even fewer care – a direct result of the governance approach to human behaviours and how organisations incentivise. More and more pressure is being placed on delivering an outcome with not enough consideration of the how. Licenses are perceived as those pesky things that get in the way of the business innovation which is generally rewarded.

Most organisations try to put the accountability for various compliances back onto the individual by making them sign something that says "while employed by company x, I won't do naughty things". This isn't very effective and the appetite for risk would appear to be enormous. It's generally not until an audit failure that someone becomes accountable.

A higher-level proactive governance approach advocated in ISO38500 around the accountability and responsibility of managing IT assets balanced to business needs would go some way to help. Rather than wait for the audit, organisations could implement some proactive control measures - you think maybe?

There's certainly been an improvement in road safety over the last couple of decades with the rise of control measures such as random breath testing, and on-the-spot fines for speeding in a school zone or driving whilst using a hand-held mobile phone.

OK, perhaps an organisation's failure to manage its software licenses isn't a risk to life and limb, but until the risk is perceived great enough to implement better governance measures, the issue won't be going away anytime soon.

Posted by: Kathryn | September 8, 2011 7:37 AM
